View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0023843 | Community | OCCT:Foundation Classes | public | 2013-03-20 12:45 | 2013-12-19 13:55 |
Reporter | Pawel | Assigned To | |||
Priority | normal | Severity | minor | ||
Status | closed | Resolution | fixed | ||
Platform | A | OS | L | ||
Product Version | 6.5.4 | ||||
Target Version | 6.7.0 | Fixed in Version | 6.7.0 | ||
Summary | 0023843: scanf without field width limits can crash with huge input data. | ||||
Description | Problem occurs in multiple files in TKernel, TKAdvTools and TKVoxel (consult the attached image for details). cppcheck message: Summary: scanf without field width limits can crash with huge input data. Message: scanf without field width limits can crash with huge input data. Add a field width specifier to fix this problem: %s => %20s Sample program that can crash: #include <stdio.h> int main() { char c[5]; scanf("%s", c); return 0; } To make it crash, type in more than 5 characters. | ||||
Tags | No tags attached. | ||||
Test case number | Not needed | ||||
|
scanf_warning.png (35,146 bytes) |
|
Dear abv, I've pushed a fix into branch CR23843. Please, review. |
|
When using memset(), it is preferable to use sizeof() to get the size of the buffer instead of using a hard-coded value; this would prevent possible errors due to a different size being used in the call and in the buffer declaration (like in Units_UnitsDictionary.cxx, line 164, or Units_Lexicon.cxx, line 92). The same applies to other calls. In calls to getline() or sprintf(), do not forget that the last symbol in the buffer should be reserved for the end-of-string symbol ('\0'), thus in most cases the number of bytes allowed to be put in the buffer should be its size - 1. |
|
Dear abv, I've fixed the mistakes you mentioned above. Please, review. |
|
In Interface_Static.cxx, please make variable defmess local (not global static). In Voxel_Reader.cxx, please correct sizes of the buffers vs. sprintf() formats. |
|
Dear abv, The branch was rebased onto current master and includes the last fixes you asked about. Please, review. |
|
No remarks, please test |
|
Dear BugMaster, Branch CR23843_1 (and products from GIT master) was compiled on Linux and Windows platforms and tested without rebase. SHA-1: 71326b29c26aa0ffed9ca44259104fdbbfdad520 Number of compiler warnings: occt component : Linux: 4 (3 on master) - Interface Windows: 13 (11 on master) - Interface http://jenkins-test-01.nnov.opencascade.com:8080/user/mnt/my-views/view/Warnings/job/mnt-CR23843_1-master_build_occt_linux/1/warnings12Result/? http://jenkins-test-01.nnov.opencascade.com:8080/user/mnt/my-views/view/CR23843_1/job/mnt-CR23843_1-master_build_occt_windows/1/warnings23Result/new/? products component : Linux: 0 (0 on master) Windows: 50 (50 on master) Regressions: No regressions Improvements: No improvements Testing cases: Not needed Testing on Linux: Total MEMORY difference: 238921008 / 238903524 Total CPU difference: 16961.850000000173 / 16289.690000000137 Testing on Windows: Total MEMORY difference: 351039052 / 351749312 Total CPU difference: 20966.171875 / 20720.78125 There are not serious differences in images found by testdiff. |
|
Dear abv, I've fixed the noticed compiler warning. Please, review. |
|
Please restore defmess as static in Interface_Static.cxx... I did not realize it was used in return statements |
|
Dear abv, I've reverted the changes in the file. Please, review. |
|
No remarks, please test |
|
Dear BugMaster, Branch CR23843_1 (and products from GIT master) was compiled on Linux and Windows platforms and tested with rebase. SHA-1: a6845d08b96c648d3bc0f7d10841b15fafc31403 Number of compiler warnings: occt component : Linux: 2 (2 on master) Windows: 1 (11 on master) products component : Linux: 0 (0 on master) Windows: 50 (50 on master) Regressions: No regressions Improvements: No improvements Testing cases: Not needed Testing on Linux: Total MEMORY difference: 244700820 / 244823288 Total CPU difference: 13744.750000000071 / 19944.249999999734 Testing on Windows: Total MEMORY difference: 356203372 / 355731632 Total CPU difference: 16812.65625 / 20857.28125 There are not serious differences in images found by testdiff. |
occt: master d0e4e578 2013-04-26 11:29:28
|
0023843: scanf without field width limits can crash with huge input data. Corrected width specifiers and use of buffer arrays in *printf and *scanf functions. Removed unreferenced variable warning. Got rid of compiler warning (returning address of local variable or temporary). |
Affected Issues 0023843 |
|
mod - src/Dynamic/Dynamic_FuzzyDefinitionsDictionary.cxx | Diff File | ||
mod - src/Dynamic/Dynamic_MethodDefinitionsDictionary.cxx | Diff File | ||
mod - src/Interface/Interface_Static.cxx | Diff File | ||
mod - src/Materials/Materials_MaterialDefinition.cxx | Diff File | ||
mod - src/Materials/Materials_MaterialsDictionary.cxx | Diff File | ||
mod - src/Units/Units_Lexicon.cxx | Diff File | ||
mod - src/Units/Units_UnitsDictionary.cxx | Diff File | ||
mod - src/Voxel/Voxel_Reader.cxx | Diff File |
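
The two points raised in this issue, the cppcheck warning about `%s` without a field width and the review remark about `sizeof()` and reserving one byte for `'\0'`, shown together as an added example (not code from the OCCT commit). The names `Token`, `TOKEN_MAX`, `read_token` and `format_entry` are hypothetical, and `sscanf` on constructed strings stands in for reading external input.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical names for this demo; none come from the OCCT sources. */
#define TOKEN_MAX 7                 /* characters scanf may store */
#define STR_(x) #x
#define STR(x) STR_(x)              /* expands TOKEN_MAX to the literal "7" */

typedef struct {
    char text[TOKEN_MAX + 1];       /* +1 byte reserved for '\0' */
} Token;

/* Read one whitespace-delimited token. The width in "%7s" is generated from
 * the same macro that sizes the buffer, so the two cannot drift apart.
 * Returns the stored length, or -1 if no token was found. */
int read_token(const char *input, Token *tok)
{
    memset(tok->text, 0, sizeof tok->text);   /* sizeof, not a literal */
    if (sscanf(input, "%" STR(TOKEN_MAX) "s", tok->text) != 1)
        return -1;
    return (int)strlen(tok->text);
}

/* Format "name=<value>" into buf[size]. snprintf takes the full buffer size
 * and writes at most size - 1 characters plus '\0'.
 * Returns 0 if the text fit, 1 if it was truncated, -1 on error. */
int format_entry(char *buf, size_t size, const char *value)
{
    int n = snprintf(buf, size, "name=%s", value);
    if (n < 0)
        return -1;
    return (size_t)n >= size ? 1 : 0;
}

int main(void)
{
    Token tok;
    char entry[8];
    /* Constructed oversized input: 26 characters for an 8-byte buffer. */
    int len = read_token("ABCDEFGHIJKLMNOPQRSTUVWXYZ", &tok);
    printf("stored %d chars: \"%s\"\n", len, tok.text);

    int truncated = format_entry(entry, sizeof entry, "steel");
    printf("truncated=%d entry=\"%s\"\n", truncated, entry);
    return 0;
}
```
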
Date Modified | Username | Field | Change |
---|---|---|---|
2013-03-20 12:45 | Pawel | New Issue | |
2013-03-20 12:45 | Pawel | Assigned To | => bugmaster |
2013-03-20 12:45 | Pawel | File Added: scanf_warning.png | |
2013-03-20 12:55 | | Assigned To | bugmaster => omy |
2013-03-20 12:55 | | Status | new => assigned |
2013-03-20 12:55 | | Target Version | => 6.7.0 |
2013-03-20 17:42 | | Note Added: 0023827 | |
2013-03-20 17:42 | | Assigned To | omy => abv |
2013-03-20 17:42 | | Status | assigned => resolved |
2013-03-21 10:47 | | Note Added: 0023828 | |
2013-03-21 10:47 | | Assigned To | abv => omy |
2013-03-21 10:47 | | Status | resolved => assigned |
2013-03-21 15:18 | | Note Added: 0023832 | |
2013-03-21 15:18 | | Assigned To | omy => abv |
2013-03-21 15:18 | | Status | assigned => resolved |
2013-04-01 13:23 | | Note Added: 0023949 | |
2013-04-01 13:23 | | Assigned To | abv => omy |
2013-04-01 13:23 | | Status | resolved => assigned |
2013-04-02 12:00 | | Note Added: 0023962 | |
2013-04-02 12:00 | | Assigned To | omy => abv |
2013-04-02 12:00 | | Status | assigned => resolved |
2013-04-04 06:53 | | Note Added: 0023988 | |
2013-04-04 06:53 | | Assigned To | abv => bugmaster |
2013-04-04 06:53 | | Status | resolved => reviewed |
2013-04-04 14:52 | | Assigned To | bugmaster => mkv |
2013-04-05 21:21 | | Note Added: 0024026 | |
2013-04-05 21:22 | | Test case number | => Not needed |
2013-04-05 21:22 | | Assigned To | mkv => omy |
2013-04-05 21:22 | | Status | reviewed => assigned |
2013-04-09 14:31 | | Note Added: 0024044 | |
2013-04-09 14:31 | | Assigned To | omy => abv |
2013-04-09 14:31 | | Status | assigned => resolved |
2013-04-09 14:47 | | Note Added: 0024045 | |
2013-04-09 14:47 | | Assigned To | abv => omy |
2013-04-09 14:47 | | Status | resolved => assigned |
2013-04-09 14:57 | | Note Added: 0024047 | |
2013-04-09 14:57 | | Assigned To | omy => abv |
2013-04-09 14:57 | | Status | assigned => resolved |
2013-04-09 15:13 | | Note Added: 0024048 | |
2013-04-09 15:13 | | Assigned To | abv => bugmaster |
2013-04-09 15:13 | | Status | resolved => reviewed |
2013-04-12 15:45 | apn | Assigned To | bugmaster => apn |
2013-04-15 17:26 | apn | Note Added: 0024141 | |
2013-04-15 17:26 | apn | Assigned To | apn => bugmaster |
2013-04-15 17:26 | apn | Status | reviewed => tested |
2013-04-30 10:28 | | Changeset attached | => occt master d0e4e578 |
2013-04-30 10:28 | | Assigned To | bugmaster => omy |
2013-04-30 10:28 | | Status | tested => verified |
2013-04-30 10:28 | | Resolution | open => fixed |
2013-05-27 13:10 | Pawel | Relationship added | parent of 0023996 |
2013-12-19 13:53 | bugmaster | Status | verified => closed |
2013-12-19 13:55 | bugmaster | Fixed in Version | => 6.7.0 |